medium
CVE-2025-64641
Go · github.com/mattermost/mattermost-server • Go · github.com/mattermost/mattermost-server/v5 • Go · github.com/mattermost/mattermost-server/v6 • Go · github.com/mattermost/mattermost/server/v8
Summary: Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin in github.com/mattermost/mattermost-server

Severity: medium
EPSS: 0.1% (p4)
Also known as: GHSA-vww6-79rv-3j4x, GHSA-vww6-79rv-3j4x#github.com/mattermost/mattermost-server, GHSA-vww6-79rv-3j4x#github.com/mattermost/mattermost/server/v8, GO-2025-4260, GO-2025-4260#github.com/mattermost/mattermost-server, GO-2025-4260#github.com/mattermost/mattermost-server/v5, GO-2025-4260#github.com/mattermost/mattermost-server/v6, GO-2025-4260#github.com/mattermost/mattermost/server/v8
Published: 2026-02-26

Related advisories:
CVE-2026-6346 — high · Go/github.com/mattermost/mattermost-server
CVE-2026-6347 — high · Go/github.com/mattermost/mattermost-server
CVE-2026-6339 — medium · Go/github.com/mattermost/mattermost-server
CVE-2026-5163 — medium · Go/github.com/mattermost/mattermost-server
CVE-2026-28732 — medium · Go/github.com/mattermost/mattermost-server
CVE-2026-6345 — medium · Go/github.com/mattermost/mattermost-server
CVE-2026-6340 — medium · Go/github.com/mattermost/mattermost-server
CVE-2026-3637 — medium · Go/github.com/mattermost/mattermost-server